Apache / PHP Hardening

Apache compared to many other web servers has pretty good security by default however you may want to add some extra security to it by changing some of the default settings. For this example I will be using my favorite OS LinuxMint and version 13 and customizing the apache and php configurations to give a little tighter security


Change PHP Configuration File


When the text editor opens you will see many lines of configuration. go through the file and where you see the following variables replace them. If you do not have some of them feel free to add them to your configuration



Restrict Information Apache Gives Out

By default apache on error pages and such will display the OS / build etc, this can be used by a hacker to look up vulerabilities in your OS / version of apache. The following lessens what apache tells on those pages.


Change Apache Configuration File


When the text editor opens you will see many lines of configuration. go through the file and where you see the following variables replace them. If you do not have some of them feel free to add them to your configuration



Comit File Changes

Your edits will not take effect until apache gets restarted